Fix this Python vulnerability, patch these industrial control system products, the latest data breaches and more.
Welcome to Cyber Security Today. It’s Monday, March 18th, 2024. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
I’m back after some time away. A big thanks to Jim Love for doing recent podcasts.
Developers and IT administrators overseeing servers running the aiohttp open-source Python framework should make sure they’re using the latest version. This is because the ShadowSyndicate ransomware gang is looking for vulnerable versions of this utility as an entryway for network compromise. According to researchers at Cyble, a patch was released at the end of January to close this hole. However, the researchers say that since February 29th threat actors, including ShadowSyndicate, are scanning the internet for vulnerable servers. If you haven’t looked for and patched this framework by now you’re asking for trouble.
The U.S. Cybersecurity and Infrastructure Security Agency has released advisories for a bunch of network-connected industrial control systems. These include 11 products from Siemens, two for Mitsubishi Electric’s MELSEC line, one for Delta Electronics and one for Softing.
You may soon be able to buy internet-connected home surveillance cameras, refrigerators, fitness trackers, baby monitors and other consumer products in the United States with a cybersecurity safety information sticker. That’s because the U.S. Federal Communications Commission has voted to create a cybersecurity labeling program for wireless consumer products. It will be voluntary for manufacturers to meet the yet-to-be-created standard to earn a U.S. Cyber Trust Mark. But it could help people make informed purchasing decisions, like, ‘If this product doesn’t have the label, why should I buy it?’
There’s good news and bad news in Sophos’ latest annual Threat Report. The good news is that technology for blocking the execution of malicious macros in documents is working. The bad news is that threat actors are responding by increasingly distributing malware through malvertising, like manipulating search engine results to ensure high placement of poisoned websites. Employees need to be warned about this tactic. A link to the report is here.
The FBI is investigating a ransomware attack that hit at least three of 14 district attorney’s offices in New Mexico last week. According to Source New Mexico, impacted servers belonged to the Administrative Office of the District Attorneys, which supports the DAs. One server affected is used by prosecutors and public defenders to share court records. Those records would include names of people accused of crimes, evidence and prosecutors’ case notes. The attack started last Wednesday. It was hoped things would have been back to normal on Friday.
Here’s the latest data breach news:
Personal data on as many as 43 million residents of France may have been stolen in a recent attack on France Travail, the nation’s job search site. A database with information of people registered over the past 20 years including names, dates of birth, the equivalent of social security numbers and email addresses was copied.
Missouri’s Saint Louis University is notifying over 93,000 students, faculty and employees that their email accounts were hacked over a seven-month period.
Nations Direct Mortgage, an American mortgage lender, is notifying over 83,000 people of a data breach. Information copied included names, addresses, Social Security numbers and individuals’ loan numbers.
Someone is peddling a huge database of three-year-old information that claims to be from American communications provider AT&T. According to Security Affairs, this database was stolen in 2021 by a group called ShinyHunters. At the time AT&T denied the data had been stolen from its system, leading to speculation that it was copied from a third-party data processing firm.
The International Monetary Fund has acknowledged that 11 email accounts of staff were compromised earlier this year. It released no other details. The IMF provides short and medium-term loans to troubled nations around the world.
Over 18,000 people are being notified by a Texas oil and gas exploration company that personal data it holds about them was stolen in January. In a filing with the Maine attorney general’s office, Eland Energy said a hacker got into its virtual server and stole people’s names, dates of birth, Social Security numbers and addresses.
Over 11,000 people who bought wine and other items on the website of the Biltmore estate, a North Carolina tourist attraction, are being notified their credit or debit card information was stolen last month. The company says data-stealing code was inserted into the website application it uses to process online orders. This application is hosted by a third-party vendor.
Finally, people with older wireless devices that no longer get security updates should always think of moving up to newer hardware for security reasons. This is more important than ever because of a recently discovered family of 5G vulnerabilities called 5Ghoul. They can knock the devices off the air or force downgrading to the slower 4G cellular service. As an article from the SANS Internet Storm Center points out, this can affect anything running 5G: laptops, industrial sensors, internet-connected TV cameras, and smartphones and tablets. Patches for many devices have been released, but if a 5G wireless modem on your network or your mobile device can’t be updated any more you could be hit by attacks exploiting these vulnerabilities.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.